Digital Services » IT Services » Bring Your Own Device (BYOD)

Bring Your Own Device (BYOD)

BYOD enables staff and students to use their own personal devices such as phones, tablets, and laptops to access University resources such as:

Corporate communication systems – Outlook Email and Teams
Licensed software apps – Autodesk and Adobe
Cloud data storage platforms – OneDrive for Business and SharePoint

Due to the number of personal devices connected to University networks and accessing organisational data such as Email and Microsoft Teams there are additional security risks to be considered.

To help protect against these security risks, the University is responsible for and required to implement additional security measures to ensure that our University data and systems are protected and we are compliant with the NCSC Cyber Essentials Certification.

Frequently Asked Questions

How do I enrol my personal (BYOD) device?

You will be automatically prompted to enrol your personal (BYOD) device after you sign in into any UWTSD Microsoft 365 services.

When signing in to UWTSD Microsoft 365 services, you will be guided through enrolling your device; however, we have created the following guides to help simplify the enrolment process.

Please follow the appropriate guide for your Personal (BYOD) Device.

What if I have a University-provided device?

The UWTSD Bring Your Own Device Policy (BYOD) does not apply to any managed devices provided to you by the University.

If you have been provided with a University-managed device, appropriate controls and mobile device management policies are already in place.

If you access Microsoft 365 services such as SharePoint Online or OneDrive Online using a web browser, you will need to ensure you are logged into the web browser with your University account. To login to your web browser with your University account, follow our Enabling Browser Single Sign On (SSO) user guide.

If you have a University provided device and experience any issues accessing University data or apps, or are prompted to enrol your device, please contact our IT Service Desk for assistance.

Students using a personal BYOD device

Students will need to read and accept the IT Acceptable Use Policy however, there are no BYOD specific requirements for students.

Students are able to use personal BYOD devices to access University resources such as email and Microsoft Teams and will not be re-required to enrol their device in the University’s MDM solution – Microsoft Intune.

Staff using a personal BYOD device

All staff requiring access to University-owned data and cloud services such as email via a mobile app or desktop application, will be required to read and comply with the UWTSD Bring Your Own Device Policy (BYOD), and enrol their device into the University’s Mobile Device Management (MDM) solution – Microsoft Intune.

The UWTSD BYOD Policy covers the use of personally owned electronic devices to access and store University information. Such devices include smart phones, tablets, laptops, desktop computers and similar technologies which are commonly known as ‘Bring Your Own Device’ or BYOD.

All users who wish to use their personal devices must abide by the policy and the University must ensure that it remains in control of organisational data for which it is responsible, regardless of the ownership of the device used to access the data.

The University must also protect its intellectual property as well as empowering staff to ensure that they protect their own personal information.

The following options are the required processes which must be followed to access University data from a personal BYOD device. The University recommends either:

Wherever possible users access University data and services from a university-provided device.
If it is not possible to utilise a University Provided Device, then users should where possible only access University-owned data and cloud services such as Microsoft 365 email from a BYOD device using an internet web browser interface.
User’s requiring access to University-owned data and cloud services such as email via a mobile application or desktop application such as Offices 365 will be required to enrol their device into the University’s Mobile Device Management (MDM) solution –Microsoft Intune.

What is the NCSC Cyber Essentials Certification?

Cyber Essentials is a simple and effective government-backed scheme that will help you protect your organisation against a range of the most common cyberattacks.

Cyber Essentials sets out five controls which you can implement immediately to strengthen your cyber defences:

Use a firewall to secure your internet connection
Choose the most secure settings for your devices and software
Control who has access to your data and services
Protect yourself from viruses and other malware
Keep your devices and software up to date

You can find out more by reading the online Cyber Essentials information leaflet.

What are the security requirements if I enrol my device?

By enrolling your device, you acknowledge that your personal device will have required security controls enforced on your personal device to ensure that University Data is secure.

These security controls include but are not limited to:

Enforced complex security password with minimum length requirement.
Automatic screen lock after period of inactivity.

Before taking the decision to enrol your device you must ensure that you have read and accept the University’s BYOD Security Compliance Settings requirements.

Can the University see my personal information?

The university cannot see any personal information on your personal BYOD device at any stage after you enrol your device in Microsoft Intune.

Enrolling your device does however make certain information, such as device model and serial number, visible to authorised UWTSD IT support staff with administrator access.

To find out more about what can and cannot be seen, please visit Microsoft’s Device Enrolment Information webpage.

To help, we have summarised what can and cannot be seen on your Personal BYOD Device.

Things UWTSD IT Administrators can never see:

Calling and web browsing history
Email and text messages
Contacts
Calendar
Passwords
Pictures, including what’s in the photos app or camera roll
Files
Additionally, on corporate-owned Android devices with a work profile:
- Apps and data in your personal profile
- Phone number

Things UWTSD IT Administrators can see:

Device owner
Device name
Device serial number
Device model, such as Google Pixel
Device manufacturer, such as Microsoft
Operating system and version, such as iOS 12.0.1
Device IMEI
App inventory and app names, such as Microsoft Word
- On personal devices, your organisation can only see your managed app inventory, which includes work and school apps.
- On corporate-owned devices, your organisation can see all apps installed on the device.
- On corporate-owned devices with a work profile, which is limited to Android devices, your organisation can only see the apps installed in your work profile.

Will the University have full control over my device?

No. If you enrol your personal BYOD device, the University does not take full control of your device.

A separate UWTSD work profile will be created, which keeps UWTSD apps and data separate to your personal apps and data.

If your employment with the University ends, this separate work profile will be removed from your personal BYOD device, and your device will be un-enrolled from the University’s MDM solution – Microsoft Intune.

Important Information

By enrolling your personal Windows 10, Windows 11 or Apple MacOS device in the University’s MDM solution “Microsoft Intune”, Microsoft provide UWTSD the functionality to remotely reset your device to its out of box experience.

UWTSD policy is that it will never factory reset a personal device. This functionality is not available to the University for any personal Android or Apple iOS devices which are enrolled. Before taking the decision to enrol your device you must ensure your data is backed up to an external source such as an external drive or cloud storage.

By enrolling your device, you acknowledge that the University will not be responsible for any loss of data from your device.

What are my personal responsibilities?

Before deciding to access UWTSD data and services from a personal (BYOD) device, staff must read, familiarise, and comply with the UWTSD Bring Your Own Device Policy (BYOD).

The key requirements detailed within the policy are:

Personal BYOD devices must be running a supported operating system.
Personal BYOD devices must be supported by the manufacturer and have all firmware updates applied.
Personal BYOD devices must be running a firewall if one exists, and have an Antivirus solution running and up to date.
Users must set up a separate user account profile without administrative or elevated rights on their device for the purposes of accessing corporate data on devices which support multiple user accounts.
In order to prevent unauthorised access, devices must be protected by a PIN or password depending on the operating system.

What are the University’s responsibilities?

The University is responsible for defining, updating and enforcing the UWTSD Bring Your Own Device Policy (BYOD).

To help protect against security risks, the University is responsible for and required to implement additional security measures to ensure that our University data and systems are protected and compliant.

UWTSD is not responsible or liable for any damage, loss, or service interruption of any BYOD device.
BYOD devices will NOT be supported by the IT Service Desk beyond UWTSD-installed software (E.g. Mobile Device Management (MDM) solutions, security tools etc.).
Network connectivity issues on campus are supported by the IT Service Desk.
Users should contact the device manufacturer or their carrier for operating system or hardware related issues.

Can I access University data without enrolling my personal device?

Accessing University-owned data and cloud services such as O365 email and Teams from a personal BYOD device without enrolling your device is permitted, but will provide reduced functionality.

If you do not enrol your device, you will not be able to access University-owned data and cloud services utilising mobile or desktop applications.

Instead, you will only be able to access University data by using a web browser interface such as Microsoft Edge which will provide reduced functionality.

To find out more about how to access University-owned data using a web browser and what functionality restrictions are in place, please follow our BYOD Web Browser Access guide.

Further Information

How many devices can I enrol?

There are no restrictions on the number of devices you can enrol/register.

How do I un-enrol my device?

Please contact the IT Service Desk who will retire your personal device from the University MDM Solution – Microsoft Intune.

Secure disposal of equipment?

When you dispose of any kind of device, you must ensure it is securely deleted/disposed of.

Please contact the IT Service Desk who will retire your personal device from the University MDM Solution Microsoft Intune.

Do I need to enrol my personal device if I use it for Voice, SMS Text or MFA Authentication?

No, you do not need to enrol your personal device for the purpose of making or receiving voice calls, SMS Text messages, or MFA authentication.

Does my personal device require a password/pin to unlock?

Yes. If you enrol your device then the device must be unlocked using credentials such as biometric, password or PIN before using it to access University Data. Please refer to the BYOD Security Compliance Settings guide for the requirements.

Will I have to change the Password/PIN length on my personal device?

You may have to change your device password/pin if your current security settings do not meet the minimum security requirements.

Please refer to the BYOD Security Compliance Settings guide for the requirements.

What happens if my personal device does not meet the required security compliance settings?

Devices will be marked as non-compliant should they fall below the required security compliance requirements. Once a device is marked as non-compliant, the following process will occur:

Device will be given 14-day grace period
An email notification will be sent to the owner of the device informing them of non-compliance
After 14 days of non-compliance – device will be retired from Intune and will require registering/enrolling again to access university data.

Can I access data without enrolling my personal device?

Yes. You can access data without enrolling your personal device by using a web browser, however, access will be restricted. Please read our BYOD Web Browser Access Guide for more information.

What are the supported internet browsers for Microsoft Teams Online and Outlook Online?

UWTSD recommend using the latest stable version of Microsoft Edge across all device platforms.